Evidence of what has happened to the sector since 2008 was clear. Two thirds said hiring had been ‘significantly' or ‘somewhat down' year on year in 2009, while 55.8 percent described drops in spending on security technology in the same light. For many, if budgets and staffing stayed the same, it would probably count as a victory.

Most of the respondents (1,821) were based in the US, with Canada (168) the UK (149), and Germany (45) some way behind, so US business practices are amplified in the results. The European experience of recession tilted more towards ‘no change', albeit from a smaller sample size.

Comparing the 2009 experience with respondents' view of the coming year, a note of optimism crept in. Almost 30 percent reckoned that their organisation would be hiring ‘somewhat' in 2010, outnumbering the 14.3 percent who saw more decreases. Twenty-two percent saw the IT security budget increasing, with 47.6 percent saying it would remain the same.

It looks as if those who survived the culls of 2008 and 2009 have done OK in terms of salary, with 52.8 percent noting that their pay had increased in 2009. One in twenty even claimed to have received an increase in excess of ten percent or greater. Only 10.9 percent had had pay cut, with 4.9 percent experiencing a lay-off.

ISC(2)'s motive for conducting the survey was to find out how the recession might be affecting the uptake of security skills, and the findings suggest strongly that the area still counts as an IT hotspot. Every area of security expertise was ranked as high on the list of those looking for employees.

"Harsh economic times force many organisations to examine new, more cost-effective ways of accomplishing their goals. This is helping to enrich the career choices in information security, with more and more new business processes becoming dependent on a stable and secure online world," said ISC(2)'s managing director, John Colley.

Clearly, how one interprets the results depends on what is seen as the norm. IT has come to be viewed as a high-paid sector, generally one with a supply problem in finding the right skills at the right time. On that basis, any retrenchment could look traumatic. But compared to most other sectors - publishing and banking for instance - these results are positive.

ISC(2) organises a range of its own not-for-profit security qualifications.